Where can we find the data from apache integration

We have installed elastic agent in a client system (apache server) and enrolled it in the fleet.
We have added apache http server integration to its policy.
We can see the data in /var/log/apache2/access.log of the apache server.
The pipelines and templates can be seen in the Stack Management.

The Index templates are as follows:

    Name					        Index patterns			      Components

1. logs-apache.access(Managed)	    logs-apache.access-*		logs-apache.access@settings, logs-apache.access@custom, .fleet_component_template-1		
	
2. logs-apache.error(Managed)		logs-apache.error-* 		logs-apache.error@settings, logs-apache.error@custom, .fleet_component_template-1

3. metrics-apache.status(Managed)	metrics-apache.status-*	    metrics-apache.status@settings, metrics-apache.status@custom, .fleet_component_template-1

But we couldn't find any index matching 'apache' in the Kibana.
(We had successfully integrated endpoint security for the same policy and we could view the logs of endpoint security from the same system)

Where can we find the data from the elastic-agent of the apache server in Kibana?

Guessing here - they should be within the logs-* data view (formerly known as index pattern) for the logs sources and the metrics-* index pattern for the metrics sources. there is a field in these called event.dataset that you can use to filter to just the specific sources of logs (and metrics respectively)...or you can make a specific data view in stack management that selects a specific index directly.

indexes managed by agent don't show in the default view for "Index management" as they're managed by a data stream so they're 'hidden' indexes as to prevent a user from removing something that's actually managed by elastic agent.

image2028×1578 320 KB

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.